Question 73. How does One Use Triple-DES in CBC Mode?

Until recently, the most significant use of triple-DES (see Question 72) was for the encryption of single DES keys, and there was really no need to consider how one might implement various block cipher modes (see Question 82 and Question 83) when the block cipher in question is actually one derived from multiple encryption. However, as DES nears the end of its useful lifetime (see Question 65), more thought is being given to an increasingly widespread use of triple-DES.

In particular, there are two obvious ways to implement the CBC mode (see Question 82) for triple-DES. With single-DES in CBC mode, the ciphertext is exclusive-ored with the plaintext before encryption. With triple-DES however, we might use feedback around all three DES operations from the ciphertext to the plaintext, something which is called outer-CBC. Alternatively, we might run the feedback around each individual encryption component, thereby making, in effect, triple-(DES-CBC). This is referred to as inner-CBC, since there are internal feedbacks that are never seen by the cryptanalyst.

Performance-wise, there can be some advantages to use the inner-CBC option, but research has established that outer-CBC is in fact more secure [Bih95]. Outer-CBC is the recommended way for using triple-DES in the CBC mode.